As used herein a “threat” comprises malicious software, also known as “malware” or “pestware”, which comprises software that is included or inserted in a part of a processing system for a harmful purpose. The term threat should be read to comprise possible, potential and actual threats. Types of malware can comprise, but are not limited to, malicious libraries, viruses, worms, Trojans, adware, malicious active content and denial of service attacks. In the case of invasion of privacy for the purposes of fraud or theft of identity, malicious software that passively observes the use of a computer is known as “spyware”.
In a networked information or data communications system, a user has access to one or more terminals which are capable of requesting and/or receiving information or data from local or remote information sources. In such a communications system, a terminal may be a type of processing system, computer or computerised device, personal computer (PC), mobile, cellular or satellite telephone, mobile data terminal, portable computer, Personal Digital Assistant (PDA), pager, thin client, or any other similar type of digital electronic device. The capability of such a terminal to request and/or receive information or data can be provided by software, hardware and/or firmware. A terminal may comprise or be associated with other devices, for example a local data storage device such as a hard disk drive or solid state drive.
An information source can comprise a server, or any type of terminal, that may be associated with one or more storage devices that are able to store information or data, for example in one or more databases residing on a storage device. The exchange of information (i.e. the request and/or receipt of information or data) between a terminal and an information source, or other terminal(s), is facilitated by a communication means. The communication means can be realised by physical cables, for example a metallic cable such as a telephone line, semi-conducting cables, electromagnetic signals, for example radio-frequency signals or infra-red signals, optical fibre cables, satellite links or any other such medium or combination thereof connected to a network infrastructure.
An entity can comprise, but is not limited to, a file, an object, a class, a collection of grouped data, a library, a variable, a process, and/or a device.
A problem faced by the computer system industry is how to determine which entities in a processing system are related. In some instances, entities are related by interacting, directly and/or indirectly, with each other to achieve a specific result or function.
For example, this problem can occur during the detection of malware in a processing system. Due to malware changing rapidly as new versions or modifications of malware infect processing systems, malware scanners and detectors need to be continually updated to determine which entities are considered malicious. The continual maintenance of the malware scanner can be a time-consuming task for users of processing systems as well as the manufacturers of the software. Furthermore, most malware scanners only detect malware which the software has already been configured to detect. Therefore, when modified malware which is undetectable by the malware scanner infects a processing system, there is no easy process for the malware scanner, or a user of the processing system, to determine which entities in the processing system are related and considered malicious.
Another example illustrating the problem of determining related entities in a processing system occurs in computer programming. For example, a computer programmer may need to determine which files, system variables, registry keys, header files and third-party programs are required to generate a software module, such that the software module comprises all necessary components to compile and execute correctly. Although the task of determining the related entities can be manually performed by the computer programmer, this is a time-consuming task and requires an in-depth knowledge of the structure of the entities in the processing system in order to be successfully performed.
There are a number of other such areas related to processing systems where the problem of determining related entities in a processing system arises.
Therefore, there exists a need for a method, system and/or computer readable medium of instructions to determine a group of related entities in a processing system which addresses or at least ameliorates problems inherent in the prior art.
The reference in this specification to any prior publication (or information derived from it), or to any matter which is known, is not, and should not be taken as an acknowledgment or admission or any form of suggestion that that prior publication (or information derived from it) or known matter forms part of the common general knowledge in the field of endeavour to which this specification relates.